> -----Messaggio originale----- > Da: Francesco Chicchiriccò [mailto:[email protected]] > Inviato: mercoledì 9 gennaio 2013 14:01 > A: [email protected] > Oggetto: Re: Support for encripted schema attributes > > > On 09/01/2013 13:02, Denis Signoretto wrote: > > Hi Syncopers, > > > > At the moment, for our purpose, it's not a actual requirement. > > > > I'm wondering if in the roadmap could be added a schema attribute > > which Syncope stores encrypted so neither the administrator > can view the real value. > > > > WDYT ? > > Hi Denis, > it seems a nice idea, indeed. > I'd schedule an "Encrypted schema" for 1.2.0, alongside with > SYNCOPE-123 > (Binary schema). > > Is it correct to say that we are talking about a schema whose > attribute > values are stored encrypted in the underlying database and decrypted > during read? > I imagine, in fact, that transfer objects (UserTO, RoleTO and > MembershipTO) will contain such values as cleartext anyway...
Yes, maybe through GuardedString Java object like password implementation. Moreover, it could be desiderable the possibility to choose if their content should be visible in the administration console. Regards. Denis > > Regards. > > -- > Francesco Chicchiriccò > > ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member > http://people.apache.org/~ilgrosso/ > >
